what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 5 of 5 RSS Feed

CVE-2010-0178

Status Candidate

Overview

Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, does not prevent applets from interpreting mouse clicks as drag-and-drop actions, which allows remote attackers to execute arbitrary JavaScript with Chrome privileges by loading a chrome: URL and then loading a javascript: URL.

Related Files

Mandriva Linux Security Advisory 2010-070
Posted Apr 20, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-070 - Many security issues have been identified and fixed in Firefox. These range from various memory consumption issues to denial of service vulnerabilities. Since firefox-3.0.19 is the last 3.0.x release Mandriva opted to provide the latest 3.6.3 version for Mandriva Linux 2008.0/2009.0/2009.1/MES5/2010.0. Packages for 2008.0 and 2009.0 are provided due to the Extended Maintenance Program for those products. Additionally, some packages which require so, have been rebuilt and are being provided as updates. Packages for 2009.0 are provided due to the Extended Maintenance Program.

tags | advisory, denial of service, vulnerability
systems | linux, mandriva
advisories | CVE-2010-0164, CVE-2010-0165, CVE-2010-0167, CVE-2010-0168, CVE-2010-0170, CVE-2010-0172, CVE-2010-1122, CVE-2010-0173, CVE-2010-0174, CVE-2010-0175, CVE-2010-0176, CVE-2010-0177, CVE-2010-0178, CVE-2010-0179, CVE-2010-0181, CVE-2010-0182
SHA-256 | 7a38196109ca581687357af57f2b35960ec088b6dde743dc49c6744fb1343a50
Mandriva Linux Security Advisory 2010-070
Posted Apr 14, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-070 - Many security issues were identified and fixed in firefox. These issues range from memory corruption to stability bugs.

tags | advisory
systems | linux, mandriva
advisories | CVE-2010-0164, CVE-2010-0165, CVE-2010-0167, CVE-2010-0168, CVE-2010-0170, CVE-2010-0172, CVE-2010-1122, CVE-2010-0173, CVE-2010-0174, CVE-2010-0175, CVE-2010-0176, CVE-2010-0177, CVE-2010-0178, CVE-2010-0179, CVE-2010-0181, CVE-2010-0182
SHA-256 | d1dbac31fec5aaf4ccbfa6c390607e2f03c8adad158389687409d09844832819
Ubuntu Security Notice 921-1
Posted Apr 10, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 921-1 - Martijn Wargers, Josh Soref, Jesse Ruderman, and Ehsan Akhgari discovered flaws in the browser engine of Firefox. It was discovered that Firefox could be made to access previously freed memory. Paul Stone discovered that Firefox could be made to change a mouse click into a drag and drop event. It was discovered that the XMLHttpRequestSpy module as used by the Firebug add-on could be used to escalate privileges within the browser. Henry Sudhof discovered that an image tag could be used as a redirect to a mailto: URL to launch an external mail handler. Wladimir Palant discovered that Firefox did not always perform security checks on XML content.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2010-0173, CVE-2010-0174, CVE-2010-0175, CVE-2010-0176, CVE-2010-0177, CVE-2010-0178, CVE-2010-0179, CVE-2010-0181, CVE-2010-0182
SHA-256 | 3c2ad9ef0cea24bcc04e06d51bb75bbac258b8b969603ad2fff0078adc1901c2
Ubuntu Security Notice 920-1
Posted Apr 10, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 920-1 - Martijn Wargers, Josh Soref, Jesse Ruderman, and Ehsan Akhgari discovered flaws in the browser engine of Firefox. It was discovered that Firefox could be made to access previously freed memory. Paul Stone discovered that Firefox could be made to change a mouse click into a drag and drop event. It was discovered that the XMLHttpRequestSpy module as used by the Firebug add-on could be used to escalate privileges within the browser.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2010-0174, CVE-2010-0175, CVE-2010-0176, CVE-2010-0177, CVE-2010-0178, CVE-2010-0179
SHA-256 | 557c412f827f2f32ff7489ae2f4654feece2a35b1342ce9770ba6964e2dd12e7
Debian Linux Security Advisory 2027-1
Posted Apr 5, 2010
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2027-1 - Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser.

tags | advisory, remote, web, vulnerability
systems | linux, debian
advisories | CVE-2010-0174, CVE-2010-0175, CVE-2010-0176, CVE-2010-0177, CVE-2010-0178, CVE-2010-0179
SHA-256 | 8a5256f8e41085ee974d4213fb8ec7be29ae9ce62b0d995be3d7548a75dbd4ce
Page 1 of 1
Back1Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close